Upgrade ACA-Py Agents #18
Comments
|
We'd like to automate the detection and upgrade process, @jleach do you have any thoughts and references we could use? My first thoughts are something like the bcgov/repomountie bot. |
|
Could take the API work from repomountie and make a cron job. The bots a mostly event driven so not awesome at looking through repos for outdated data. Could troll repos and create a PR for the update. |
|
There is an issue with revocation notifications that has been identified and confirmed in |
WadeBarnes
changed the title
WadeBarnes
changed the title
|
The NR FSA team uses Dependabot and Renovate to keep their various dependencies up to date. We should look further into these tools as well. |
|
Renovate is a new one to me — https://github.com/renovatebot/renovate. What is the difference between it and dependabot? And aren’t we already using dependabot everywhere? |
|
I don't know how they compare yet, but how they are used is different than simply using dependabot to get updates for security vulnerabilities. They are using them to get updates to their dependencies when new versions are released, regardless of whether the release is associated with a security vulnerability. |
|
Got it. That’s good. Especially if the PRs get automatically run through the unit/integration tests. Would that be enough for merges? Where does the dev judgement (and time…the harder part) come in. |
|
I'd think we'd want the It's more of a matter of automating the detection and updates, since we typically update all of our projects at once, once we've done some preliminary testing with one of them. |
|
First step to a new official release; https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.8.0-rc0 |
WadeBarnes
changed the title
|
@WadeBarnes I think we should re-assess which agents we want to update vs. which agents should be "frozen" since the projects they belong to are either archived/frozen or unmaintained at this point. |
|
@esune, Updated the list in the description. Please review and see if you agree with the ones I've marked |
What you are proposing makes sense to me. I am wondering if we should open issues to remove references for |
That seems appropriate. |
|
Updated and reorganized the list of updates to be made in the description. |
|
Updated the DITP Inventory of Deployments spreadsheet with a new tab labeled |
Thanks @WadeBarnes . I noticed there are remnants of an old (decommissioned) endorser deployment, logged #156 to take care of that. |
|
We also might need to track https://github.com/bcgov/aries-vcr-issuer-controller for updates, since some of the deployed OrgBook integrations use it for their source code. |
|
IDIM |
Complete. IDIM |
These upgrades should be performed in combination with #83
The DITP Inventory of Deployments contains a list of our deployed ACA-Py agents. Review the list and upgrade the agents to the latest ACA-Py version. Endorser agents running
1.0.0-rcxversions may need special attention, as they were deployed before full support for the endorser protocols were officially released with ACA-Py.Where possible the spreadsheet contains links to the agent's deployment within OCP.
The data in the spreadsheet is generated in part by an automated audit script that scans the OCP environments for agent instances and collects data including agent version, secure storage type, and endorser role; docs. getDids.sh
Note: - ACA-Py 0.12.0rc0 resolves the issues with routing of
REVOC_REG_ENTRYs through an Endorser. Test results here; openwallet-foundation/acapy#2441 (comment)Next Steps:
REVOC_REG_ENTRYrouting issue. Start breaking down the issuer-kit based agents and outline what's involved with upgrading each. Expected to be involved areindytoaskarmigrations, wallet database upgrades (to Postgres v14 as that is the easiest target), and migration toaskaronly images. This work should be performed in separate tickets, one top level one to better identify the affected agents, and possibly additional tickets for each of the more involved upgrades. Priority should be given to active issuers that are affected by theREVOC_REG_ENTRYrouting issues.Below is a list of repositories containing references to ACA-Py images:
aca-py v0.7.4toaca-py v0.10.3in the Digital Trust Services Trust Over IP (e79518) environments. They all need to be brought up to the same version. Which requires indy to askar migration in some cases.bcgov/trust-over-ip-configurations. There are a mix of agents fromaca-py v0.7.4toaca-py v0.10.3in the Digital Trust Services Trust Over IP (e79518) environments. They all need to be brought up to the same version.aca-py v0.11.0andaca-py v0.10.5. Neither version worked with BC Reg and OrgBook.aca-py v0.11.0andaca-py v0.10.5. Neither version worked with BC Reg and OrgBook.aca-py v0.11.0andaca-py v0.10.5. Neither version worked with BC Reg and OrgBook.aca-py v0.11.0andaca-py v0.10.5. Neither version worked with BC Reg and OrgBook.https://github.com/bcgov/iiwbookhttps://github.com/bcgov/indy-email-verificationDormantlife cycle badge.https://github.com/bcgov/dts-vc-issuer-servicehttps://github.com/bcgov/aries-vcr-issuer-agencyhttps://github.com/bcgov/moh-primehttps://github.com/bcgov/moh-vvc-issuerhttps://github.com/bcgov/dts-vc-tutorialhttps://github.com/bcgov/healthgatewayhttps://github.com/bcgov/essential-services-deliveryhttps://github.com/bcgov/identity-kit-configurationshttps://github.com/bcgov/ised-business-banking-initiativehttps://github.com/bcgov/aries-acapy-plugin-redis-eventsThe text was updated successfully, but these errors were encountered: